Vulnerabilities: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-06-30 | CVE-2024-6418 | SQL Injection vulnerability in Oretnom23 Medicine Tracker System 1.0 | A vulnerability classified as critical has been found in SourceCodester Medicine Tracker System 1.0. | 5.3 |
2024-06-28 | CVE-2024-3816 | SQL Injection vulnerability in Conceptintermedia S@M CMS | Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection executed using the search bar. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears. | 9.8 |
2024-06-25 | CVE-2024-37843 | SQL Injection vulnerability in Craftcms Craft CMS | Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint. | 9.8 |
2024-06-25 | CVE-2024-6308 | SQL Injection vulnerability in Clivedelacruz Simple Online Hotel Reservation System 1.0 | A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. | 9.8 |
2024-06-23 | CVE-2024-6266 | SQL Injection vulnerability in Pearadmin Pear Admin Boot | A vulnerability classified as critical has been found in Pear Admin Boot up to 2.0.2. | 9.8 |
2024-06-22 | CVE-2024-21514 | SQL Injection vulnerability in Opencart 3.0.3.9 | This affects versions of the package opencart/opencart from 0.0.0. | 8.1 |
2024-06-21 | CVE-2024-6027 | SQL Injection vulnerability in Themify Product Filter | The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the ‘conditions’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2024-06-21 | CVE-2024-6212 | SQL Injection vulnerability in Oretnom23 Simple Student Attendance System 1.0 | A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. | 6.1 |
2024-06-20 | CVE-2024-3605 | SQL Injection vulnerability in Thimpress WP Hotel Booking | The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
2024-06-20 | CVE-2024-4742 | SQL Injection vulnerability in Kainelabs Youzify | The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |